git:master:6c12477f: core: pass fd - check for unexpected read size overflow - sr-dev

11 Feb 2025

Module: kamailio
Branch: master
Commit: 6c12477f1dad2279431d703d1a4f63fcfc6543b8
URL: https://github.com/kamailio/kamailio/commit/6c12477f1dad2279431d703d1a4f63fc...
Author: Daniel-Constantin Mierla miconda@gmail.com
Committer: Daniel-Constantin Mierla miconda@gmail.com
Date: 2025-02-11T11:30:34+01:00
core: pass fd - check for unexpected read size overflow
---
Modified: src/core/pass_fd.c
---
Diff:  https://github.com/kamailio/kamailio/commit/6c12477f1dad2279431d703d1a4f63fc...
Patch: https://github.com/kamailio/kamailio/commit/6c12477f1dad2279431d703d1a4f63fc...
---

diff --git a/src/core/pass_fd.c b/src/core/pass_fd.c
index eae20206fd5..77431dbf293 100644
--- a/src/core/pass_fd.c
+++ b/src/core/pass_fd.c
@@ -35,6 +35,7 @@
 #include <sys/socket.h>
 #include <sys/uio.h>
 #include <stdlib.h> /* for NULL definition on openbsd */
+#include <limits.h>
 #include <errno.h>
 #include <string.h>
 #ifdef NO_MSG_WAITALL
@@ -289,9 +290,14 @@ int receive_fd(int unix_socket, void *data, int data_len, int *fd, int flags)
    	/* blocking recv_all */
    	n = recv_all(
    			unix_socket, (char *)data + ret, data_len - ret, MSG_WAITALL);
-		if(n >= 0)
+		if(n >= 0) {
+			if(ret >= INT_MAX - n) {
+				LM_ERR("int size overflowing: %d + %d\n", ret, n);
+				ret = -1;
+				goto error;
+			}
    		ret += n;
-		else {
+		} else {
    		ret = n;
    		goto error;
    	}

    